The study of 7,500 senior information technology executives found that 62 percent of companies will increase security spending in 2003, compared with 50 percent in 2002. The top reason for the increase in funding security programs was to satisfy legislation such as the Sarbanes-Oxley Act, which holds executives accountable for their company's disclosures.
"Sarbanes has had an impact; there is no doubt about it," said Joe Duffy, lead partner of accounting firm PricewaterhouseCoopers' Security & Privacy Solutions practice. Duffy believes that executives want greater assurances from their IT departments that their systems are secure and can be audited.
Almost two-thirds of those polled said they adopted security measures to limit liability, and almost half said it was to comply with regulations. Only 37 percent of participants said adopting security measures was prompted by a fear of a security incident that affects revenue, or because experts have long recommended such precautions.
Legislation that's passed in the last two years--Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA) and California's Security Breach Information Act--is forcing companies to meet minimum levels of security for their systems and the information in their databases. Although companies have repeatedly said self-regulation--not legislation--would lead to better security, the survey seems to argue that recent regulations have garnered better results than years of leaving the companies to their own devices.
The survey polled corporate officers in 47 different countries and across all industries. PricewaterhouseCoopers teamed with CIO magazine to produce the report.
Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.
Such incidents are helping companies quickly realize that beefing up security is worth it, Duffy said.
"There is the regulatory stick, but there is also a carrot of having a fault-tolerant, always-on network offering services," Duffy said. "I would argue good security is good business."
Be respectful, keep it clean and stay on topic. We delete comments that violate our policy, which we encourage you to read. Discussion threads can be closed at any time at our discretion.